Krispy Kreme
Data Breach Class Action Lawsuit

Posted: June 19, 2025 -- Attention, victims of the Krispy Kreme data breach.

Abington Cole + Ellery is investigating the data breach recently announced by Krispy Kreme.

Krispy Kreme Data Breach Summary:

Approximately 161,000 individuals were affected by the Krispy Kreme data breach, and breached data may include, but is not necessarily limited to: name, date of birth, Social Security number, Digital signature, driver’s license or state ID data, email address and password, financial account data, USCIS or Alien Registration Number, credit or debit card data, biometric information, username and password to a financial account, passport number, health insurance data, username and password, financial account access data, credit or debit card data in combination with a security code, medical or health data, and US military ID number.

Krispy Kreme Doughnut Corporation recently informed individuals about a data security breach involving unauthorized access to specific systems and data. The company says it conducted a thorough review and validation of the data, along with notifying those whose information the incident impacted in compliance with legal obligations. Most individuals receiving notifications include current and former Krispy Kreme employees, as well as their family members.

On November 29, 2024, Krispy Kreme detected unauthorized activity within parts of its information technology infrastructure. The company says it responded by launching an investigation, containment, and remediation efforts, enlisting the expertise of cybersecurity professionals. By May 22, 2025, Krispy Kreme says the investigation confirmed that certain personal information had been compromised.

As a result of the data breach, Krispy Kreme is offering 12 months of free credit monitoring and/or identity theft protection services to some affected individuals.

Additional information about the Krispy Kreme data breach may be found here: Krispy Kreme NOTICE OF DATA BREACH, and here: Krispy Kreme Data Breach Notification (Maine). The Krispy Kreme Website may also have additional information about or provide periodic updates regarding the data breach.

About Krispy Kreme:

Krispy Kreme, Inc. is an American doughnut company and coffeehouse chain founded on July 13, 1937, in Winston Salem, North Carolina, by Vernon Rudolph, who acquired a yeast-raised doughnut recipe and began selling to local grocery stores before opening a retail window. Incorporated as a public company in 2000, the brand later returned to private ownership under JAB Holding in 2016 before relisting on Nasdaq in July 2021. Headquartered in Charlotte, North Carolina, the company operates approximately 1,400 outlets across multiple countries.

The company’s core product is a yeast-raised glazed doughnut introduced at its first location, which also functions as a central piece of its production model, known as the “Hot Doughnut Machine,” designed to allow fresh output in multiple venues. Apart from this staple item, the menu includes cake doughnuts, filled doughnuts, crullers, fritters, coffee, and other beverages. Distribution has expanded beyond retail outlets to include supermarkets, convenience stores, and partnerships such as a multi-year rollout of products through McDonald’s locations.

The company has expanded internationally to more than 30 countries, with recent openings including locations in Spain, France, Morocco, and Brazil. Over the years, the company’s growth has included shifts in ownership, periods of rapid expansion, a public listing followed by allegations of accounting irregularities, a SEC order, and subsequent return to public markets. Financially, the company reported net income of approximately US 3.1 million and operating income of around −US 8.7 million in its latest fiscal year, with total assets near US 3.1 billion and equity roughly US 1.16 billion.

For more information about steps you can take to possibly reduce the chances harm arising from a data breach, please review the following article: What are some steps you can take if you've been the victim of a data breach?

If you believe you are a victim of the Krispy Kreme data breach, and if you would like to volunteer to serve as a class representative in a class action lawsuit regarding this data breach, please submit your information via the form on this webpage. This website is not associated with nor authorized by Krispy Kreme or any affiliated companies. If you have received any other data breach notifications, you may to review Abington Cole + Ellery's current list of data breach investigations.